Domain Name Service DNS Overview October 2009 Computer Networking 1
Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides a mapping from names to addresses (and resources) October 2009 Computer Networking 2
DNS Services hostname to IP address translation host aliasing Canonical, alias names mail server aliasing load distribution replicated Web servers: set of IP addresses for one canonical name October 2009 Computer Networking 3
Why Not Centralize DNS? Single point of failure Traffic volume Distant centralized database Maintenance Doesn t scale! October 2009 Computer Networking 4
Features: Global Distribution Data is maintained locally, retrievable globally no single computer has all data DNS lookups can be performed by any device Remote DNS data is locally cacheable to improve performance October 2009 Computer Networking 5
Distributed, Hierarchical Database Root DNS Servers com DNS servers org DNS servers edu DNS servers yahoo.com DNS servers amazon.com DNS servers pbs.org DNS servers poly.edu umass.edu DNS serversdns servers Client wants IP for www.amazon.com client queries a root server to find com DNS server client queries com DNS server to get amazon.com DNS server client queries amazon.com DNS server to get IP address for www.amazon.com October 2009 Computer Networking 6
DNS: Root Name Servers Contacted by local name server that can not resolve name Root name server: Contacts authoritative server if name mapping not known Gets mapping Returns mapping to local name server e NASA Mt View, CA f Internet Software C. Palo Alto, CA (and 36 other locations) a Verisign, Dulles, VA c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, ( 21 locations) k RIPE London (also 16 other locations) i Autonomica, Stockholm (plus 28 other locations) m WIDE Tokyo (also Seoul, Paris, SF) b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA 13 root name servers worldwide October 2009 Computer Networking 7
Root Server Distribution October 2009 Computer Networking 8
TLD and Authoritative Servers Top-level domain (TLD) servers: Responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp. Network Solutions maintains servers for com TLD Educause for edu TLD Authoritative DNS servers: Organization s DNS servers, providing authoritative hostname to IP mappings for organization s servers (e.g., Web, mail). Maintained by organization or service provider October 2009 Computer Networking 9
Local Name Server Does not strictly belong to hierarchy Each ISP (residential ISP, company, university) has one. Also called default name server When host makes DNS query, query is sent to its local DNS server Acts as proxy, forwards query into hierarchy October 2009 Computer Networking 10
DNS Name Resolution root DNS server Example Host at cis.pacific.edu wants IP address for gaia.cs.umass.edu iterated query: Contacted server replies with name of server to contact I don t know this name, but ask this server local DNS server dns.pacific.edu 1 2 8 requesting host cis.pacific.edu 3 4 5 7 TLD DNS server 6 authoritative DNS server dns.cs.umass.edu gaia.cs.umass.edu October 2009 Computer Networking 11
DNS Name Resolution Example 2 root DNS server 3 recursive query: DNS server will chase the DNS trail puts burden of name resolution on contacted name server heavy load? local DNS server dns.pacific.edu 1 8 requesting host cis.pacific.edu 7 6 5 4 authoritative DNS server dns.cs.umass.edu TLD DNS server gaia.cs.umass.edu October 2009 Computer Networking 12
DNS: caching and updating records Once (any) name server learns mapping, it caches mapping cache entries timeout (disappear) after some time TLD servers typically cached in local name servers Thus root name servers not often visited Update/notify mechanisms under design by IETF RFC 2136 http://www.ietf.org/html.charters/dnsind-charter.html October 2009 Computer Networking 13
DNS Records DNS: Distributed db storing resource records (RR) RR format: (name, value, type, ttl) Type=A name is hostname value is IP address Type=NS name is domain (e.g. foo.com) value is hostname of authoritative name server for this domain Type=CNAME name is alias name for some canonical (the real) name www.ibm.com is really server7.backup.ibm.com value is canonical name Type=MX value is name of mailserver associated with name October 2009 Computer Networking 14
DNS Protocol, Messages DNS protocol : query and reply messages, both with same message format Message Header Identification: 16 bit # for query, reply to query uses same # Flags: Query or reply Recursion desired Recursion available Reply is authoritative October 2009 Computer Networking 15
DNS Protocol, Messages Name, type fields for a query RRs in response to query Records for authoritative servers Additional helpful info that may be used October 2009 Computer Networking 16
Inserting Records Into DNS Example: new startup Tiger Utopia Register name tigeruptopia.com at DNS registrar (Network Solutions, GoDaddy, etc.) Provide names, IP addresses of authoritative name server (primary and secondary) Registrar inserts two RRs into com TLD server: tigerutopia.com, dns1.tigerutopia.com, NS dns1.tigerutopia.com, 212.212.212.1, A Create authoritative server Type A record for www.tigeruptopia.com; Type MX record for tigerutopia.com October 2009 Computer Networking 17
DNS Data DNS databases contain more than just hostname-to-address records: Name server records Hostname aliases Mail Exchangers Host Information NS CNAME MX HINFO October 2009 Computer Networking 18
DNS Response To A Query (dig) ; <<>> DiG 9.5.1b1 <<>> www.treacle.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45053 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.treacle.com. IN A ;; ANSWER SECTION: www.treacle.com. 10800 IN A 63.206.191.202 ;; AUTHORITY SECTION: treacle.com. 10800 IN NS ns.treacle.com. ;; ADDITIONAL SECTION: ns.treacle.com. 10800 IN A 63.206.191.202 October 2009 Computer Networking 19
DNS Message Flags QR: Query=0, Response=1 AA: Authoritative Answer TC: response truncated (> 512 bytes) RD: recursion desired RA: recursion available rcode: return code October 2009 Computer Networking 20
DNS Zone File treacle.com. IN SOA tea.treacle.com. postmaster.treacle.com. ( 2006072801 ;serial 3h ;refresh TTL 1h ;retry 1w ;expire 1d ) ;negative caching TTL IN NS ns.treacle.com. IN MX 10 mail.treacle.com. IN TXT "Looking Glass Research" treacle.com. IN A 63.206.191.202 www.treacle.com. IN A 63.206.191.202 mail.treacle.com. IN A 63.206.191.202 ns.treacle.com. IN A 63.206.191.202 oasis.treacle.com. IN A 63.206.191.202 October 2009 Computer Networking 21
DNS Resolvers A DNS client is called a resolver A call to gethostbyname()is handled by a resolver (typically part of the client) nslookup is an interactive resolver that allows the user to communicate directly with a DNS server October 2009 Computer Networking 22
DNS Servers (partial list) BIND for Berkeley Internet Name Domain, or named, is the most commonly used Domain Name System (DNS) server on the Internet. On Unix-like systems it is the de facto standard. BIND is maintained by the Internet Systems Consortium. Microsoft DNS provided with Windows Server. Dnsmasq - a lightweight DNS forwarder and local resolver (often embedded into appliances). PowerDNS - an open-source DNS server. October 2009 Computer Networking 23
DNS Resources DNS and BIND by Cricket Liu DNS & BIND Cookbook (Liu) BIND www.isc.org October 2009 Computer Networking 24
DNS Security DDOS overloads Protocol flaws Cache poisoning No authentication Future DNS-Sec October 2009 Computer Networking 25